keystore : Java Glossary

In Java version 1.2 or later, the .keystore file contains your public and private keys. The peculiar
leading dot makes the file hidden in Unix.

By default, .keystore has no password, though you normally assign it one with
keytool.exe. Don’t
lose the password. There is no way to recover it. You would have to start over and
create a new empty .keystore with keytool.exe.

.keystore is stored in a binary jks format JKS (Java Key Store) similar to PKCS
#12 containing both public and private keys, protected by a passphrase. The first
four signature bytes of a Sun .keystore file in hex are
FEEDFEED.

Location

Since Java does not automatically create .keystore, The sysadmin might put it wherever he pleases. Likely places
to look include:

XP:"C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\security\.keystore"C:\Documents and Settings\user\.keystore

Win2K:C:\WINNT\Profiles\user\.keystore

It is supposed to be in:

Unix : ${user.home}/.java/deployment/security

Windows : ${deployment.user.home}\security

Where user.home and deployment.user.home are system properties.
C:\Program Files (x86)\Java\jre6\lib\security\.

Make sure you back up your .keystore files
especially when upgrading your OS (Operating System) or Java. Otherwise you will lose your code signing
certificates.

Usually the .keystore file is stored in Sun
JKS format, but
keytool.exe is capable of dealing with other formats as
well. Here is how to find out what other formats

Browser Keystores

It is possible for Java to get at the
keystores of the various Mozilla family brewers using a tool called JSS
(Network Security Services for Java). Java automatically accesses the
Windows/Internet Explorer keystores when validating code-signing certificates for
Applets and Java Web Start.